Abstract: With the rapid growth of mobile devices and the emergence
of mobile cloud services, there is a trend toward using mobile
devices for mobile-centric applications, with mobile cloud services
expanding the mobile capabilities and providing the needed security.
However, due to the mobility of the device and the semi-trusted
nature of the mobile cloud, how to build trust in mobile applications
is a big concern. In this paper, we propose a dual-root trust online
transaction model in which trust is rooted in
both the user's mobile device and a delegation mobile cloud.
We design a dual-root trust protocol by leveraging modified
CP-ABE cryptography and the trusted execution environment embedded
in a mobile device to provide device-specific transaction
confirmations for online transactions initiated by the mobile
user. The performance evaluation of the protocol demonstrates
that it is a lightweight scheme for mobile devices since most
cryptographic functions are delegated from users to the mobile
cloud. We also provide security assessments to prove that the
proposed Dual-Root Trust (DRT) protocol is resilient to
impersonation attacks, considering that each participant may run
DRT protocols on behalf of others.